https://bugzilla.redhat.com/show_bug.cgi?id=2417563

Sergio Correia <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|fedora-review?              |fedora-review+



--- Comment #2 from Sergio Correia <[email protected]> ---
Package Review
==============

Legend:
[x] = Pass, [!] = Fail, [-] = Not applicable, [?] = Not evaluated


Issues:
=======
- Harmless: Package contains duplicates in %files section.
  Note: warning: File listed twice:
  /usr/share/cargo/registry/cbor-codec-0.7.1/CHANGELOG.txt

  This is harmless and does not affect package functionality.


===== MUST items =====

Generic:
[x]: Package is licensed with an open-source compatible license and meets
     other legal requirements as defined in the legal section of Packaging
     Guidelines.
     Note: Licensed under MPL-2.0 (Mozilla Public License 2.0).

[x]: License field in the package spec file matches the actual license.
     Note: Checking patched sources after %prep for licenses. Licenses
     found: "Unknown or generated", "*No copyright* Mozilla Public License
     2.0".
     The 5 files with "unknown license" are build/config files (.gitlab-ci.yml,
     CHANGELOG.txt, Cargo.toml, README.asciidoc, tests/appendix_a.json) which
     is normal for Rust crates. Source code files are properly licensed under
     MPL-2.0. The "*No copyright*" note for LICENSE.txt is a false positive -
     the MPL-2.0 license text itself doesn't require an embedded copyright
     notice; the license header in source files references the MPL-2.0.

[x]: License file installed when any subpackage combination is installed.
     Note: LICENSE.txt file properly included via %license directive.

[x]: %build honors applicable compiler flags or justifies otherwise.
     Note: Uses %cargo_build macro which properly handles compiler flags.

[x]: Package contains no bundled libraries without FPC exception.
     Note: Standard Rust dependencies (byteorder, libc, quickcheck) are
     properly declared as BuildRequires and not bundled.

[x]: Changelog in prescribed format.
     Note: Uses %autochangelog macro which follows Fedora guidelines.

[x]: Sources contain only permissible code or content.
     Note: Reviewed source code - this is a CBOR (Concise Binary Object
     Representation, RFC 7049) encoder and decoder implementation. Provides
     functionality for encoding and decoding data in CBOR binary format.
     No security concerns or malware detected.

[-]: Package contains desktop file if it is a GUI application.
     Note: Not a GUI application - this is a Rust CBOR encoding library.

[x]: Development files must be in a -devel package
     Note: Properly structured with rust-cbor-codec-devel and feature-specific
     -devel subpackages (default, quickcheck, random).

[x]: Package uses nothing in %doc for runtime.
     Note: Documentation files (CHANGELOG.txt, README.asciidoc) are not
     required for runtime.

[x]: Package consistently uses macros (instead of hard-coded directory names).
     Note: Proper use of %{crate_instdir}, %{crate}, %autorelease, etc.

[x]: Package is named according to the Package Naming Guidelines.
     Note: Follows Rust packaging guidelines (rust-<crate-name> format).

[x]: Package does not generate any conflict.

[x]: Package obeys FHS, except libexecdir and /usr/target.
     Note: Files installed to /usr/share/cargo/registry/ per Rust guidelines.

[-]: If the package is a rename of another package, proper Obsoletes and
     Provides are present.
     Note: Not a renamed package.

[x]: Requires correct, justified where necessary.
     Note: Dependencies on crate(byteorder/default) and crate(libc/default)
     are appropriate for a low-level binary encoding library. Feature packages
     correctly depend on crate(quickcheck/default) when needed.

[x]: Spec file is legible and written in American English.

[-]: Package contains systemd file(s) if in need.
     Note: Library package, no systemd files needed.

[x]: Package is not known to require an ExcludeArch tag.

[x]: Package complies to the Packaging Guidelines

[x]: Package successfully compiles and builds into binary rpms on at least
     one supported primary architecture.
     Note: Built successfully in mock for fedora-rawhide-x86_64.

[x]: Package installs properly.

[x]: Rpmlint is run on all rpms the build produces.
     Note: No rpmlint errors or warnings (0 errors, 0 warnings).

[x]: If (and only if) the source package includes the text of the
     license(s) in its own file, then that file, containing the text of the
     license(s) for the package is included in %license.
     Note: LICENSE.txt file is included via %license.

[x]: The License field must be a valid SPDX expression.
     Note: "MPL-2.0" is a valid SPDX identifier.

[x]: Package requires other packages for directories it uses.

[x]: Package must own all directories that it creates.

[x]: Package does not own files or directories owned by other packages.

[x]: Package uses either %{buildroot} or $RPM_BUILD_ROOT

[x]: Package does not run rm -rf %{buildroot} (or $RPM_BUILD_ROOT) at the
     beginning of %install.

[x]: Macros in Summary, %description expandable at SRPM build time.

[x]: Dist tag is present.
     Note: Uses %autorelease which includes dist tag.

[x]: Package does not contain duplicates in %files.
     Note: While the spec lists some files twice (via explicit directives and
     directory inclusion), this is harmless. RPM handles this correctly and
     includes each file only once in the final package.

[x]: Permissions on files are set properly.

[x]: Package must not depend on deprecated() packages.

[x]: Package use %makeinstall only when make install DESTDIR=... doesn't work.
     Note: Uses %cargo_install macro appropriately.

[x]: Package is named using only allowed ASCII characters.

[x]: Package does not use a name that already exists.

[x]: Package is not relocatable.

[x]: Sources used to build the package match the upstream source, as
     provided in the spec URL.
     Note: SHA256 checksums match exactly:
     e083a023562b37c52837e850131a51b1154cceb9d149f41ee3d386737b140f46

[x]: Spec file name must match the spec package %{name}, in the format
     %{name}.spec.

[x]: File names are valid UTF-8.

[x]: Large documentation must go in a -doc subpackage. Large could be size
     (~1MB) or number of files.
     Note: Documentation size is minimal (CHANGELOG.txt 1042 bytes,
     README.asciidoc 247 bytes).

[x]: Packages must not store files under /srv, /opt or /usr/local


===== SHOULD items =====

Generic:
[-]: If the source package does not include license text(s) as a separate
     file from upstream, the packager SHOULD query upstream to include it.
     Note: LICENSE.txt file is included from upstream.

[x]: Final provides and requires are sane (see attachments).
     Note: Provides crate(cbor-codec) and feature-specific crates
     (crate(cbor-codec/default), crate(cbor-codec/quickcheck),
     crate(cbor-codec/random)). Requires byteorder and libc dependencies.
     All appropriate and correctly versioned.

[-]: Fully versioned dependency in subpackages if applicable.
     Note: For Rust packages, the crate() provides/requires system handles
     versioning. The %{name}%{?_isa} = %{version}-%{release} pattern is not
     applicable for noarch Rust -devel packages.

[x]: Package functions as described.
     Note: CBOR Codec implementation providing encoder and decoder for
     Concise Binary Object Representation (RFC 7049). Includes support for
     optional features (quickcheck for property testing, random for
     randomized testing).

[x]: Latest version is packaged.
     Note: Version 0.7.1 confirmed as latest on docs.rs and crates.io.

[x]: Package does not include license text files separate from upstream.
     Note: LICENSE.txt file is from upstream tarball.

[-]: Sources are verified with gpgverify first in %prep if upstream
     publishes signatures.
     Note: Crates.io does not publish GPG signatures. Checksum verification
     via SHA256 is the standard verification method for Rust crates and is
     performed automatically by %cargo_prep.

[x]: Package should compile and build into binary rpms on all supported
     architectures.
     Note: noarch package, builds on all architectures.

[x]: %check is present and all tests pass.
     Note: Spec includes %bcond check 0 with %cargo_test in %check section.
     Tests are disabled (%bcond check 0). This is acceptable for initial
     package inclusion.

[?]: Packages should try to preserve timestamps of original installed files.
     Note: Standard cargo macros handle file installation.

[x]: Reviewer should test that the package builds in mock.
     Note: Package builds successfully in mock environment.

[x]: Buildroot is not present

[x]: Package has no %clean section with rm -rf %{buildroot} (or
     $RPM_BUILD_ROOT)

[x]: No file requires outside of /etc, /bin, /sbin, /usr/bin, /usr/sbin.

[x]: Packager, Vendor, PreReq, Copyright tags should not be in spec file

[x]: Sources can be downloaded from URI in Source: tag
     Note: Uses %{crates_source} macro pointing to crates.io.

[x]: SourceX is a working URL.
     Note: https://crates.io/api/v1/crates/cbor-codec/0.7.1/download

[x]: Spec use %global instead of %define unless justified.


===== EXTRA items =====

Generic:
[x]: Rpmlint is run on all installed packages.
     Note: No rpmlint errors or warnings (0 errors, 0 warnings).

[x]: Spec file according to URL is the same as in SRPM.


Rpmlint
-------
Checking: rust-cbor-codec-devel-0.7.1-1.fc44.noarch.rpm
          rust-cbor-codec+default-devel-0.7.1-1.fc44.noarch.rpm
          rust-cbor-codec+quickcheck-devel-0.7.1-1.fc44.noarch.rpm
          rust-cbor-codec+random-devel-0.7.1-1.fc44.noarch.rpm
          rust-cbor-codec-0.7.1-1.fc44.src.rpm

 5 packages and 0 specfiles checked; 0 errors, 0 warnings, 25 filtered, 0 badness


Source checksums
----------------
https://crates.io/api/v1/crates/cbor-codec/0.7.1/download#/cbor-codec-0.7.1.crate :
  CHECKSUM(SHA256) this package     : e083a023562b37c52837e850131a51b1154cceb9d149f41ee3d386737b140f46
  CHECKSUM(SHA256) upstream package : e083a023562b37c52837e850131a51b1154cceb9d149f41ee3d386737b140f46


Requires
--------
rust-cbor-codec-devel (rpmlib, GLIBC filtered):
    cargo
    crate(byteorder/default)
    crate(libc/default)

rust-cbor-codec+default-devel (rpmlib, GLIBC filtered):
    cargo
    crate(cbor-codec)

rust-cbor-codec+quickcheck-devel (rpmlib, GLIBC filtered):
    cargo
    crate(cbor-codec)
    crate(quickcheck/default)

rust-cbor-codec+random-devel (rpmlib, GLIBC filtered):
    cargo
    crate(cbor-codec)
    crate(cbor-codec/quickcheck)


Provides
--------
rust-cbor-codec-devel:
    crate(cbor-codec)
    rust-cbor-codec-devel

rust-cbor-codec+default-devel:
    crate(cbor-codec/default)
    rust-cbor-codec+default-devel

rust-cbor-codec+quickcheck-devel:
    crate(cbor-codec/quickcheck)
    rust-cbor-codec+quickcheck-devel

rust-cbor-codec+random-devel:
    crate(cbor-codec/random)
    rust-cbor-codec+random-devel


Generated by fedora-review 0.10.0 (e79b66b) last change: 2023-07-24
Buildroot used: fedora-rawhide-x86_64

===== APPROVAL =====

This package is APPROVED, thanks

The duplicate files listing in %files is harmless and does not affect
functionality. All MUST items pass, and the package meets Fedora packaging
guidelines.

